I have been in the process of converting from the dead-end Windows Home Server product to a FreeNAS server for my home NAS. I was trying to replicate the same sort of set up that WHS had for user directories. In WHS, there was a share called "Users" and under that share there were various user directories corresponding to each user account. I thought it would be pretty simple to replicate that same behavior to allow users to simply attach to \\nas-server-name\Users in Windows, and then navigate to their own user folder. What follows is how I achieved this, as well as a problem I fought with for a while that prevented certain users from connecting via CIFS.
First, I started off the process by installing FreeNAS to a USB stick, added a few disks in the server, plugged in the USB stick and booted up. I performed basic config for the networking, and admin account passwords, and turned on the CIFS service.
Next, I created a some user accounts for my wife and myself, and then one for my son. The primary group for each of these accounts was the same as the user name. Also, I made sure to create these accounts with the same username as the username each person uses on their computer to login. This will just help simplify things later on when they go to attach to the shares. I then created a group called "parents" for my wife and myself, and then created a group called "users" that everyone was part of.
I then created a ZFS RAID-Z set with all the disks I had added to the server. I then created a ZFS volume called "main" which was the root of my RAID-Z set and set the owner to "nobody" and group to "parents" with read, write, and execute permissions for the owner and group. I then proceeded to create ZFS datasets underneath the main ZFS volume for each of my share points. I did this because this would allow me to set size limits on each share type to control disk usage. For each dataset that I only wanted my wife and I to access, I set the owner to "nobody", and the group to "parents". For the Users share, though, I set the group to "users". I also created additional datasets under "Users" for each user to be able to set per user directory quotas, setting the owner to the user for that dataset, and the group to "parents" for all of them.
|The "main" volume, and the ZFS datasets below that volume|
|The "incorrect" permissions on the main volume.|
Once I changed the permissions on the "main" volume to allow "Other" to Read and Execute, my son was able to login, and could only go down to his own user directory to work with his files. My wife and I could see and manipulate everything on the NAS, which is exactly what I was striving for.